Turn Linux into Fort Knox: 10 Tools for a Safer Web Server

Linux is often hyped as more secure and stable than Windows, so you might be wondering why anyone would need security tools for it. You are right. Linux is a secure and stable OS but is still vulnerable to bugs, security leaks and intrusion attacks, especially if you are using it as a web server. Security tools are needed to detect such attacks and security holes. They can be used to patch up bugs, fix network leaks, and prevent viruses, trojan horses and remote exploits.

1. John the Ripper:

Prevention is better than cure. Strong passwords are the first step in securing your web server. Many web servers get exploited just because of weak passwords. John the Ripper is a password auditing tool that can be used to detect weak passwords on web servers. It checks the passwords against a list of commonly used words and their variants. If the passwords on your web server get cracked by this tool, you have a red alert. Change your password to some uncommon mix of alphanumeric characters.

2. NMap:

Next on your checklist should be whether any ports have been left open accidentally on your web server. NMap is just the right tool to help you detect port vulnerabilities and prevent your web server from being exploited. If you find any unwanted ports, close them. It’s better to run nmap from another server.
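
An added example, not from the original article: one way to act on this advice is to save a scan of your own server in nmap's grepable format (`-oG`) and compare the open ports with the ones you expect. The sample scan lines, the documentation address 192.0.2.10 and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: report open ports that are not on an allowlist, reading
# nmap grepable output (as written by `nmap -oG`) on stdin.

# Constructed sample of grepable output; fields are tab-separated.
sample_scan() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: %s\tIgnored State: filtered (995)\n' \
        '22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///, 8080/closed/tcp//http-proxy///'
}

# unexpected_ports "22/tcp 80/tcp ..." < scan.gnmap
# Prints "host port/proto service" for each open port missing from the allowlist.
unexpected_ports() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /Ports: / {
        host = $2
        line = $0
        sub(/^.*Ports: /, "", line)     # keep only the port list...
        sub(/\t.*$/, "", line)          # ...and drop the fields after it
        m = split(line, entries, ", ")
        for (i = 1; i <= m; i++) {
            split(entries[i], f, "/")   # port/state/proto/owner/service/...
            key = f[1] "/" f[3]
            if (f[2] == "open" && !(key in ok))
                print host, key, f[5]
        }
    }'
}

# A web server that should expose only SSH, HTTP and HTTPS:
sample_scan | unexpected_ports "22/tcp 80/tcp 443/tcp"
```

Anything this prints is a listener to either close or add to the allowlist deliberately.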

3. Firestarter:

How do you close an unwanted open port? A firewall is the answer to your problem here. Linux uses iptables to secure and close unwanted ports. If you find handling iptables from the command line tough, you can use Firestarter, which is a front-end tool for iptables. Firestarter is not only easy to use, but also lets you implement firewall rules with immediate effect from the program itself.

4. Chkrootkit:

What if you feel that the security of your web server has been compromised from the inside? Rootkits are small pieces of software that a hacker might have left hidden on your web server and that might be used to gain access to your machine in the future. Chkrootkit is the tool to detect the presence of these trojan horses. It should be run from a rescue disk like a live CD.

5. GPG:

You can keep data on your web server confidential even if it gets exploited. To prevent hackers from getting away with your data, you can use encryption tools. GPG is one such tool; it uses public key encryption, which makes the data in encrypted files inaccessible to an intruder. There are two sets of keys: one on the disk and one privately held, for example on a removable medium. This makes it tough to get the contents even if the encryption key stored on the disk is known.

6. OpenSSH:

Never use telnet for remote maintenance of your web server. It sends your login information in a way that can easily be sniffed. OpenSSH is the tool that you can use to log in remotely. It uses username and password based authentication to provide a secure encrypted connection over an insecure network like the Internet.

7. Tripwire:

Files on a Linux web server are arranged in their respective directories, with the configuration files under /etc. To verify that the system configuration files have not been manipulated or compromised, an intrusion detection system is used to monitor such files and report changes to them. Tripwire is one such tool: it performs this monitoring and sends alerts whenever such a file change is detected.
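
An added example, not from the original article and not Tripwire's own code: the baseline-and-compare idea behind this kind of monitoring, reduced to `sha256sum` and `awk`. The function names and the throwaway directory standing in for /etc are constructed for illustration.

```sh
#!/bin/sh
# Added example: a minimal file-integrity check in the spirit of Tripwire.
# Keep the baseline where the server cannot modify it (e.g. read-only media).
# Assumes GNU sha256sum; names containing newlines/backslashes are not handled.

# fim_baseline DIR DBFILE: record a SHA-256 for every regular file under DIR.
fim_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# fim_check DIR DBFILE: print ADDED/CHANGED/REMOVED lines; return 1 on any drift.
fim_check() {
    _fim_now=$(mktemp) || return 2
    fim_baseline "$1" "$_fim_now"
    _fim_report=$(awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }  # "<hash>  <path>"
        FILENAME == ARGV[1] { base[path] = hash; next }      # baseline entries
        { seen[path] = 1 }
        !(path in base)     { print "ADDED " path; next }
        base[path] != hash  { print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$_fim_now" | sort)
    rm -f "$_fim_now"
    [ -z "$_fim_report" ] && return 0
    printf '%s\n' "$_fim_report"
    return 1
}

# Constructed demo: a throwaway tree standing in for /etc.
fim_demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/etc/ssh"
    echo 'PermitRootLogin no'    > "$d/etc/ssh/sshd_config"
    echo '127.0.0.1 localhost'   > "$d/etc/hosts"
    echo 'nameserver 192.0.2.53' > "$d/etc/resolv.conf"
    fim_baseline "$d/etc" "$d/baseline.db"
    echo 'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"   # content changed
    echo 'welcome' > "$d/etc/motd"                          # new file
    rm "$d/etc/hosts"                                       # file deleted
    fim_check "$d/etc" "$d/baseline.db" || true             # drift is expected here
    rm -rf "$d"
}

fim_demo
```

Run from cron, the non-zero exit status of `fim_check` is the hook for sending the alert.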

8. Wireshark:

With Wireshark you can analyze live network data or data from an existing capture file. It can reconstruct a TCP session and supports hundreds of protocols. It is widely used to capture packets across a network and give a detailed visual report. You can use it to sniff packets for troubleshooting and analyzing network problems.

9. Hping:

To audit security and test firewalls, you can use Hping to generate TCP/IP packets. It can be used in traceroute mode and has the ability to send files over a covert channel. You can also use it for remote OS fingerprinting and uptime guessing.

10. Socat:

Socat is based on netcat; you can use it to read and write data over TCP and UDP network connections. It can also be used as a network debugging and analysis tool, as it can create many types of connections. It supports SSL encryption and proxies.

In addition to using these tools to secure your web server, you can do basic things like stopping unused services and deleting unwanted CGI applications. Run periodic scans and tests to keep your web server healthy and secure.

You can get all these tools from the repositories of your Linux distro. Live rescue and penetration detection CDs also come with these and many more tools to help you secure your Linux web server.

26 Comments »

  1. Ryan Says:

    11. Nessus

  2. High On Life Says:

    A GUI firewall configuration utility on a web server? iptables or firehol

  3. Best Geeks Says:

    thanks, great article. i’m gonna go do some checks and scans right now on my server…

  4. amd-linux Says:

    7. Samhain (instead of Tripwire)

    12. Nikto

  5. Firestarter for webserver? no way!… Check http://www.vuurmuur.org , nice ncurses interface and DROP by default! :)

  6. android6011 Says:

    To help prevent ssh brute forcing, check out denyhosts. It’ll completely cut a person’s access from the server off after a specified number of failed logins

  7. macawm Says:

    Seriously, you forget fail2ban?

  9. Fail Says:

    Ok, this is a good general overview of a computer sitting in fort knox. Not on the real internet. #1 problem with security is the user. As far as the rest of these tools go, they are only good if you know what they do and how to use them and fully understand what you are looking at. Firestarter is just a gui for iptables. Real sysadmins or those who know what they are doing will not use it.

  10. Stefan Says:

    Ubuntu’s ufw!!

  11. morbo Says:

    It’s 2008, Do we really need someone to tell us to stop using telnet and start using SSH?

  12. Thomas Says:

    What about mod_security for Apache?

  13. iqlusion Says:

    Oh, btw, thanks for knockin down my free speech there brad. I see now the daily artisan is biased towards uninformed people who say “OMG great article. I’ma blindly follow this right now! lolololz” and refuse to listen to INFORMED people with a different view. First time visitor, also a last time visitor. kthxbai

  14. Dif Says:

    If I may add an 11th, as obvious as it is, it is the “package manager”, especially in its system updating functionality.

    As you said “OS but is still vulnerable to bugs, security leaks …” so it is important to periodically check for software updates.

  15. John Says:

    I use msec. It checks for any changes on my server and runs a scan for trojans. It emails me a dif message and a security message every night. Msec is only under Mandriva Linux.

  16. Dan Says:

    Folks are being a bit hard on the author. Of course there are better tools, but he was just trying to provide a hand to people who are completely unaware.

    My contribution: chroot is awesome. If you chroot your lighttpd webserver, the server application and other ones you chroot it with have no access to any files on your system except the ones in the chroot environment. So they can hack your server, but not your system.

    ;)

  17. [...] Enlace | Daily Artisan » Turn Linux into Fort Knox: 10 Tools for a Safer Web Server. [...]

  18. no mention about backtrack live CD? most tools needed to be run from a live CD, especially security auditing tools are available on backtrack live CD.

    comment-bottom
  20. What about SELinux? It shocks me that an article centered around securing Linux wouldn’t mention any mandatory access control at all, how short sighted.

    Also, spelling and grammar checkers are your friend.

  21. [...] Toughen up your web server Filed under: Linux, Security — 0ddn1x @ 2008-10-10 20:54:18 +0000 http://www.dailyartisan.com/news/linux-security-tools/ [...]

  22. MarkH Says:

    Poorly stated info here about running chkrootkit from a rescue disk. If you boot from the rescue disk you will be checking the rescue disk’s environment, not the one you actually want to check, therefore making most of the tests it runs useless.

    It should be run from a CD, yes, one with known-good binaries that it uses (read the README file), but NOT while BOOTED from a rescue disk.

  23. MarkH Says:

    Oh, and about OpenSSH…

    1995 called and it wants its security tips back.

  24. MarkH Says:

    Wow, rereading the whole list, this is actually a pretty poor article in terms of best practices. As others have mentioned, no mention of SELinux (or grsecurity for that matter), a focus on many lesser tools when there are better ones available, a desktop-oriented security view, no mention of actually following best practices (or links or discussion of any), and so forth.

    This article might better be titled “Ten tools I found about while Googling for linux security information, the usefulness of which I am not qualified to judge”.

    Sorry, but it’s weak, which is not something trivial when suggesting security tools.
